diff --git a/README.md b/README.md index ddfc855..0f55f72 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Nextcloud for YunoHost own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 12.0.2 +**Shipped version:** 12.0.5 [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) ![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png) diff --git a/conf/config.json b/conf/config.json index 4f019e2..2e7aca8 100644 --- a/conf/config.json +++ b/conf/config.json @@ -1,38 +1,41 @@ -{ - "system": { - "datadirectory": "#DATADIR#", - "trusted_domains": [ - "localhost", - "#DOMAIN#" - ], - "updatechecker": false, - "memcache.local": "\\OC\\Memcache\\APCu", - "integrity.check.disabled": true - }, - "apps": { - "user_ldap": { - "ldap_base": "dc=yunohost,dc=org", - "ldap_base_groups": "ou=groups,dc=yunohost,dc=org", - "ldap_base_users": "ou=users,dc=yunohost,dc=org", - "ldap_cache_ttl": "600", - "ldap_configuration_active": "1", - "ldap_display_name": "displayname", - "ldap_email_attr": "mail", - "ldap_expert_username_attr": "uid", - "ldap_group_display_name": "cn", - "ldap_group_filter": "objectClass=posixGroup", - "ldap_group_filter_mode": "0", - "ldap_groupfilter_objectclass": "posixGroup", - "ldap_host": "localhost", - "ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid))", - "ldap_login_filter_mode": "0", - "ldap_port": "389", - "ldap_quota_attr": "userquota", - "ldap_tls": "0", - "ldap_user_display_name": "cn", - "ldap_user_filter_mode": "0", - "ldap_userfilter_objectclass": "posixAccount", - "ldap_userlist_filter": "objectclass=posixAccount" - } - } -} +{ + "system": { + "updatechecker": false, + "memcache.local": "\\OC\\Memcache\\APCu", + "integrity.check.disabled": true, + "filelocking.enabled": true, + "memcache.locking": "\\OC\\Memcache\\Redis", + "redis": { + "host": "localhost", + "port": "6379", + "timeout": "0.0", + "password": "" + } + }, + "apps": { + "user_ldap": { + "ldap_base": "dc=yunohost,dc=org", + "ldap_base_groups": "ou=groups,dc=yunohost,dc=org", + "ldap_base_users": "ou=users,dc=yunohost,dc=org", + "ldap_cache_ttl": "600", + "ldap_configuration_active": "1", + "ldap_display_name": "displayname", + "ldap_email_attr": "mail", + "ldap_expert_username_attr": "uid", + "ldap_group_display_name": "cn", + "ldap_group_filter": "objectClass=posixGroup", + "ldap_group_filter_mode": "0", + "ldap_groupfilter_objectclass": "posixGroup", + "ldap_host": "localhost", + "ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid))", + "ldap_login_filter_mode": "0", + "ldap_port": "389", + "ldap_quota_attr": "userquota", + "ldap_tls": "0", + "ldap_user_display_name": "cn", + "ldap_user_filter_mode": "0", + "ldap_userfilter_objectclass": "posixAccount", + "ldap_userlist_filter": "objectclass=posixAccount" + } + } +} diff --git a/conf/config_install.json b/conf/config_install.json new file mode 100644 index 0000000..52bff54 --- /dev/null +++ b/conf/config_install.json @@ -0,0 +1,9 @@ +{ + "system": { + "datadirectory": "#DATADIR#", + "trusted_domains": [ + "localhost", + "#DOMAIN#" + ] + } +} diff --git a/conf/nginx.conf b/conf/nginx.conf index 9cdfa11..3eee860 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -23,7 +23,12 @@ location ^~ __PATH__ { # Set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; - + + # Extend timeouts + client_body_timeout 60m; + proxy_read_timeout 60m; + fastcgi_read_timeout 60m; + # Disable gzip to avoid the removal of the ETag header gzip off; diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index b8dfd24..485c87b 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -365,6 +365,7 @@ catch_workers_output = yes ;env[TMP] = /tmp ;env[TMPDIR] = /tmp ;env[TEMP] = /tmp +env[PATH] = $PATH ; Additional php.ini defines, specific to this pool of workers. These settings ; overwrite the values previously defined in the php.ini. The directives are the diff --git a/manifest.json b/manifest.json index 325c870..aa601ed 100644 --- a/manifest.json +++ b/manifest.json @@ -6,9 +6,9 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "12.0.2", + "version": "12.0.5-1", "url": "https://nextcloud.com", - "license": "AGPL-3", + "license": "AGPL-3.0", "maintainer": { "name": "-", "email": "-" diff --git a/scripts/_common.sh b/scripts/_common.sh index 3ea7420..f4085a7 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,7 +3,7 @@ # COMMON VARIABLES #================================================= -pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-imagick php5-ldap acl tar smbclient" +pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-ldap php5-imagick imagemagick acl tar smbclient" #================================================= # COMMON HELPERS diff --git a/scripts/backup b/scripts/backup index de9fd26..aecf0c0 100755 --- a/scripts/backup +++ b/scripts/backup @@ -3,11 +3,6 @@ #================================================= # GENERIC START #================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit on command errors and treat access to unset variables as an error -set -eu #================================================= # IMPORT GENERIC HELPERS @@ -21,6 +16,13 @@ fi source _common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # LOAD SETTINGS #================================================= @@ -82,5 +84,5 @@ if [ -z $backup_core_only ] then ynh_backup "/home/yunohost.app/${app}/data" else - echo "Data dir will not saved, because backup_core_only is set." >&2 + echo "Data dir will not be saved, because backup_core_only is set." >&2 fi diff --git a/scripts/install b/scripts/install index 2eb6baa..cf22534 100755 --- a/scripts/install +++ b/scripts/install @@ -144,11 +144,6 @@ exec_occ maintenance:install \ # CONFIGURE NEXTCLOUD #================================================= -nc_conf="${final_path}/config.json" -cp ../conf/config.json "$nc_conf" -ynh_replace_string "#DOMAIN#" "$domain" "$nc_conf" -ynh_replace_string "#DATADIR#" "$datadir" "$nc_conf" - # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification @@ -156,7 +151,18 @@ exec_occ app:disable updatenotification exec_occ app:enable user_ldap exec_occ ldap:create-empty-config -# Load the config file in nextcloud +# Load the installation config file in nextcloud +nc_conf="${final_path}/config_install.json" +cp ../conf/config_install.json "$nc_conf" +ynh_replace_string "#DOMAIN#" "$domain" "$nc_conf" +ynh_replace_string "#DATADIR#" "$datadir" "$nc_conf" +exec_occ config:import "$nc_conf" +# Then remove it +rm -f "$nc_conf" + +# Load the additional config file (used also for upgrade) +nc_conf="${final_path}/config_install.json" +cp ../conf/config.json "$nc_conf" exec_occ config:import "$nc_conf" # Then remove it rm -f "$nc_conf" @@ -216,6 +222,8 @@ ynh_store_file_checksum "${final_path}/config/config.php" cron_path="/etc/cron.d/$app" cp -a ../conf/nextcloud.cron "$cron_path" +chown root: "$cron_path" +chmod 644 "$cron_path" ynh_replace_string "#USER#" "$app" "$cron_path" ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path" diff --git a/scripts/restore b/scripts/restore index 6bc4987..b476d80 100755 --- a/scripts/restore +++ b/scripts/restore @@ -3,11 +3,6 @@ #================================================= # GENERIC START #================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit on command errors and treat access to unset variables as an error -set -eu #================================================= # IMPORT GENERIC HELPERS @@ -21,6 +16,13 @@ fi source _common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # LOAD SETTINGS #================================================= @@ -102,12 +104,16 @@ ynh_restore_file "/etc/logrotate.d/$app" # RESTORE THE DATA DIRECTORY #================================================= +datadir="/home/yunohost.app/${app}/data" + # The data directory will be restored only if it exists in the backup archive # So only if it was backup previously. -if [ -d "$YNH_BACKUP_DIR/data" ] +if [ -d "$YNH_BACKUP_DIR/apps/$app/backup/home/yunohost.app/$app" ] then - datadir="/home/yunohost.app/${app}/data" ynh_restore_file "$datadir" +else + # Create app folders + mkdir -p "$datadir" fi # Remove the option backup_core_only if it's in the settings.yml file ynh_app_setting_delete $app backup_core_only diff --git a/scripts/upgrade b/scripts/upgrade index 6692a38..a156b9f 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -286,6 +286,8 @@ ynh_store_file_checksum "${final_path}/config/config.php" cron_path="/etc/cron.d/$app" cp -a ../conf/nextcloud.cron "$cron_path" +chown root: "$cron_path" +chmod 644 "$cron_path" ynh_replace_string "#USER#" "$app" "$cron_path" ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path" @@ -334,7 +336,7 @@ they are probably disabled and you'll have to manually enable them again." >&2 #================================================= # Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate +ynh_use_logrotate --non-append #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index d26531a..92b7b2b 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,7 +1,7 @@ #!/bin/bash # Last available nextcloud version -next_version="12.0.2" +next_version="12.0.5" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="eb34d6cb9f55ee84bf2ad847b4b08cdb925321848ffa2264a9b1566e7b21a17c" \ No newline at end of file +nextcloud_source_sha256="c8be29ace6821079e881818266fe49d28812b5aa0c7d2e76511173d48828ca43" diff --git a/sources/patches/00-add-logout_url-conf.patch b/sources/patches/app-00-add-logout_url-conf.patch similarity index 100% rename from sources/patches/00-add-logout_url-conf.patch rename to sources/patches/app-00-add-logout_url-conf.patch diff --git a/patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch b/sources/patches/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch similarity index 97% rename from patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch rename to sources/patches/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch index eba7c0c..f5ced3a 100644 --- a/patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch +++ b/sources/patches/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch @@ -1,33 +1,33 @@ - lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ - lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -index 85ae127f5f..91618a09fc 100644 ---- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager { - * @return bool - */ - public function browserSupportsCspV3() { -+ // YunoHost patch: disable CSPv3 nonces to: -+ // - avoid white page on first login from YunoHost portal -+ // - allow YunoHost tile display -+ return false; - $browserWhitelist = [ - Request::USER_AGENT_CHROME, - // Firefox 45+ -diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -index 64d4eb6e5d..59d5885620 100644 ---- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy { - - if(!empty($this->allowedFontDomains)) { - $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains); -- $policy .= ';'; -+ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script -+ $policy .= ' data:;'; - } - - if(!empty($this->allowedConnectDomains)) { + lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ + lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +index 85ae127f5f..91618a09fc 100644 +--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php ++++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager { + * @return bool + */ + public function browserSupportsCspV3() { ++ // YunoHost patch: disable CSPv3 nonces to: ++ // - avoid white page on first login from YunoHost portal ++ // - allow YunoHost tile display ++ return false; + $browserWhitelist = [ + Request::USER_AGENT_CHROME, + // Firefox 45+ +diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +index 64d4eb6e5d..59d5885620 100644 +--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php ++++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy { + + if(!empty($this->allowedFontDomains)) { + $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains); +- $policy .= ';'; ++ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script ++ $policy .= ' data:;'; + } + + if(!empty($this->allowedConnectDomains)) {